Lucene search

Veracode Vulnerability DatabaseVERACODE:45250

HistoryJan 31, 2024 - 7:01 a.m.

User Enumeration

2024-01-3107:01:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

user enumeration

vulnerability

observable differences

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

vantage6 is vulnerable to User Enumeration. The vulnerability is due to observable differences in response timing between valid and invalid usernames within login requests. This issue can be exploited by an attacker to enumerate through valid usernames.

CPENameOperatorVersion
vantage6le4.1.3
vantage6le4.1.3

CPE	Name	Operator	Version
	vantage6	le	4.1.3
	vantage6	le	4.1.3

References

github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30

github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for VERACODE:45250